BIMCO Archives - SHIP IP LTD

BIMCO and INTERTANKO have jointly published Q&As addressing the contractual implications owners and charterers should keep in mind when chartering ships fitted with scrubbers. The Q&As highlight the key charter party clauses and concepts which should be reviewed for both time and voyage charter parties.

“We are pleased to have worked with BIMCO to provide advice and assistance for owners who have chosen this route to 2020 compliance. We will continue to develop the Q&As as experience of scrubber use develops,” said Michele White, General Counsel at INTERTANKO.

BIMCO’s Head of Contracts and Clauses, Grant Hunter, adds:

“We regularly receive questions about chartering issues relating to scrubber-fitted ships. These Q&As jointly produced with INTERTANKO will offer many useful answers as well as guidance.”

The Q&As consist of three parts. The first part deals with the implications of using scrubber-fitted ships under time charter parties, the second part deals with voyage charter parties and the third part addresses general considerations such as enforcement, fines and prohibition of open-loop scrubbers.

The main focus is on time charter parties as it is expected that this is where the use of a scrubber will have the greatest impact.

BIMCO and INTERTANKO have individually published clauses addressing the coming into force of MARPOL Annex VI Regulation 14 and 18 dealing with the reduction of sulphur oxide emissions from the current 3.50% m/m to 0.5% m/m. However, these clauses do not deal with the special operational, technical and commercial requirements of scrubbers installed on ships.

In early 2019, a BIMCO and INTERTANKO working group discussed whether there was a need for a dedicated “scrubber clause”. The working group concluded that, for the time being, no “scrubber clause” should be published. This is because the scrubber is, once installed, a “normal” piece of equipment and does not require any special status or special legal regime. The existing standard clauses (such as off-hire, drydocking and maintenance) will work in a time charter context in cases when the scrubber is not working.

The Q&A document is available to download from the BIMCO and INTERTANKO websites:

Overview

BIMCO’s Documentary Committee has agreed a new standard Cyber Security Clause that requires the parties to implement cyber security procedures and systems, to help reduce the risk of an incident and mitigate the consequences should a security breach occur.

In the wake of recent costly cyber security incidents involving large shipping companies, cyber security has become a major focus in the maritime industry.

BIMCO has taken a lead position on cyber security issues through its active role at the International Maritime Organization and by co-authoring the “Industry Guidelines on cyber security onboard ships”. The development of the BIMCO Cyber Security Clause has been an important part of this initiative.

The clause has been written by a small drafting team, led by Inga Frøysa of Klaveness, with representatives from shipowners, P&I clubs and a law firm, and will be published towards the end of May.

“I am very pleased to see BIMCO as the first mover on this important topic. Recent years have shown that there is a clear need for a clause addressing the contractual issues that can arise from a cyber security incident,” says Inga Frøysa.

Sharing relevant information

The clause is drafted in broad and generic language which allows for it to be used in a wide range of contracts and in a string of contracts for easy back-to-back application. It is hoped that the clause will assist parties in obtaining affordable insurance for their cyber security exposure, as the clause introduces a cap on the liability for breaches.

“It was very important to the subcommittee to impose an obligation on the parties to keep each other informed if a cyber security incident should occur, and to share any relevant information, which could assist the other party in mitigating and resolving an incident as quickly as possible,” Frøysa says.

This is done through a two-fold notification process. Firstly, through an immediate notification from the party who becomes aware of an incident to the other party. Secondly, through a more detailed notification once the affected party has had the chance to investigate the incident.

The clause also requires the parties to always share subsequent information, which could assist the other party in mitigating or preventing any effects from the incident.

The level of required cyber security will depend on many elements such as the size of the company, its geographical location and nature of business.

The clause takes this into account by stipulating that the parties must implement “appropriate” cyber security. The clause also requires each party to use reasonable endeavors to ensure that any third-party providing services on its behalf in connection with the contract, has appropriate cyber security.

BIMCO has co-sponsored a proposal at the 43rd session of the Facilitation Committee (FAL 43) held at the IMO Headquarters on 8-12 April, putting anti-corruption formally on the IMO agenda going forward.

This week, a maritime corruption paper was presented at the 43rd session, including a request to the International Maritime Organization (IMO) to make maritime corruption a regular work item.

The paper received solid support from 23 countries and international organizations, including BIMCO who attended the meeting, and it was decided that the IMO will work on a maritime corruption guidance expected to be completed by 2021.

“We are very pleased that the IMO will now discuss the issue of maritime corruption in the FAL Convention and that the IMO will now come up with guidance to help our members by addressing corruption,” says Aron Sorensen, Head of Maritime Technology & Regulation at BIMCO.

“No less than 23 countries and international organisations supported the anti-corruption paper, marking a new step towards a stronger fight against corruption in our industry,” Sorensen says.

To assist its members, BIMCO has developed an Anti-Corruption Clause for Charter Parties that addresses the situation by providing market users with a regime for responding to unlawful demands for gifts.

Cyber threats are constantly evolving which requires a regular review of all cyber related processes on board ships to allow for successful protection against cyber attacks. We are pleased to announce that today various maritime industry organisations published a revised third version of the “Guidelines on Cyber Security onboard Ships”. The document provides guidance to shipowners and operators on how to assess their operations and develop procedures to strengthen cyber resilience on board their ships. The Guidelines will continue to be updated regularly to mirror the evolution of cyber security threats and to outline new measures to mitigate against dynamic cyber risks.

Key updates in Version 3.0 include:

the requirement to incorporate cyber risks in the ship’s safety management system (SMS);

more detailed information related to the risk assessments of operational technology (OT);

increased guidance for dealing with the risks in the ship’s supply chain;

BIMCO aims to publish cyber security clause in spring 2019

Overview

BIMCO is developing a clause dealing with cyber security risks and incidents that might affect the ability of one of the parties to perform their contractual obligations.

The clause is being drafted by a small team led by Inga Froysa of Klaveness, Oslo. Other companies involved include Navig8, the UK P&I Club and HFW, and the project is due to be completed in May 2019.

Planning and protecting is key

The BIMCO cyber security clause requires the parties to have plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident.

Mitigating the effect of a cyber security breach is of paramount importance and the clause requires the affected party to notify the other party quickly, so that they can take any necessary counter-measures. The clause is also designed for use in a broad range of contracts. This way, the clause can cover arrangements with third-party service providers, such as brokers and agents.

The liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of USD 100,000 will apply if no other amount is inserted.

Two important functions

The clause will fulfill two important functions. The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.

In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details.

A strain of ransomware known as “Bad Rabbit” is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

Once a computer is infected, victims are sent to a page on the Tor browser that demands .05 Bitcoins (about $275) within around 41 hours, in exchange for the decryption of the data and access to the machine. If time expires, the ransom increases.

As always, anyone infected is discouraged from paying the ransom. For one, there’s no guarantee you’ll get the data back but importantly, refusing to pay the ransom discourages future ransomware attacks.

Although BadRabbit shows similarities to Petya, it’s still unclear who is behind the recent attack. The original Petya took down a number of government agencies and businesses earlier this year, mostly in Ukraine. Russia is a viable suspect for Petya, but all evidence tying the malware with any nation state has been circumstantial.

IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety !

Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.

One of the discussions that took place at the IMO Maritime Safety Committee’s 98th session (MSC 98) in June was whether the IMO’s newly approved guidelines on maritime cyber risk management should be incorporated into the International Safety Management Code (ISM), the international standard for safe ship operations.

While such a directive was not formally adopted, what was adopted was a resolution affirming that approved safety management systems (SMS) should take cyber risk management into account in accordance with the requirements of the ISM.

The resolution encouraged flag administrations to ensure that cyber risks are addressed in SMS no later than the first annual verification of the company’s document of compliance after 1 January 2021.

SHIP IP LTD – Can assist your company to ensure compliance with Cyber Security requirement as we can offer FULL support to your company like :

MARITIME CYBER SECURITY MANUAL

Following latest developments in our industry and various guidelines published by BIMCO, USCG Cyber Bulletins and TMSA 3 – element 13 we have develop a generic MARITIME Cyber Security Manual which can be used by all Shipping Companies as a best practice .

SHIP IP LTD have develop a Maritime Cyber Security manual to provide a risk management solution for Shipping companies and their vessels against various Cyber incidents.

Cyber incidents with negative effects to companies reputation or even results to economic effects when delays to services provided by their vessels.

Needless to point that Cyber Security is now part of TMSA 3 – Element 13 and all companies operating Tankers should immediate consider to develop or include to their existing Safety Management system, procedures , contingencies plans ( offices and vessels), define hazards,threats and risks when it comes to Cyber incidents.

Our Manual in word format with following content for sure with small changes will fit to your companies setup and will cover all regulations and international requirements :

As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are increasingly being networked together – and more frequently connected to the worldwide web.
This brings the greater risk of unauthorized access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel having access to the systems on board, for example by introducing malware via removable media.
Relevant personnel should have training in identifying the typical modus operand of cyber attacks.
The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organizations, with support from a wide range of stakeholders, have developed these guidelines, which are designed to assist companies develop resilient approaches to cyber security onboard ships.
Approaches to cyber security will be company- and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations. The Guidelines provide a risk-based approach to identifying and responding to cyber threats.